Security News

Cybersecurity news aggregator

CRITICAL Updates Red Hat Errata

RHSA-2026:22963: Critical: samba security update

This critical Samba update addresses multiple vulnerabilities, including two remote code execution flaws in the printing subsystem (CVE-2026-4480) and the SAMR protocol (CVE-2026-4408), along with other high-severity issues like improper access checks on reparse points (CVE-2026-1933, CVSS 7.1). The vulnerabilities affect Samba versions 4.1.0 through 4.2.1, and the fixed version is 4.2.2.

Red Hat Product Errata
RHSA-2026:22963 - Security Advisory
Issued: 2026-06-03
Updated: 2026-06-03

Synopsis
Critical: samba security update

Type/Severity
Security Advisory: Critical

Topic
An update for samba is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):
- samba: Missing access check on reparse point operations (CVE-2026-1933)
- samba: vfs_worm does not block directory modification (CVE-2026-2340)
- samba: group policy certificate enrollment uses http:// without validation (CVE-2026-3012)
- samba: Samba: Remote Code Execution in printing subsystem via unescaped job description (CVE-2026-4480)
- ngtcp2: ngtcp2: Denial of service via stack buffer overflow during QUIC handshake (CVE-2026-40170)
- samba: Remote Code Execution in SAMR (CVE-2026-4408)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products
- Red Hat Enterprise Linux for x86_64 10 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64
- Red Hat Enterprise Linux for IBM z Systems 10 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x
- Red Hat Enterprise Linux for Power, little endian 10 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le
- Red Hat Enterprise Linux for ARM 64 10 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64
- Red Hat CodeReady Linux Builder for x86_64 10 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 10 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.2 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.2 ppc64le
- Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.2 s390x
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.2 aarch64
- Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64
- Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x
- Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le
- Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64
- Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le
- Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x

Fixes
- BZ - 2447317 - CVE-2026-1933 samba: Missing access check on reparse point operations
- BZ - 2447318 - CVE-2026-2340 samba: vfs_worm does not block directory modification
- BZ - 2447319 - CVE-2026-3012 samba: group policy certificate enrollment uses http:// without validation
- BZ - 2452232 - CVE-2026-4480 samba: Samba: Remote Code Execution in printing subsystem via unescaped job description
- BZ - 2459061 - CVE-2026-40170 ngtcp2: ngtcp2: Denial of service via stack buffer overflow during QUIC handshake
- BZ - 2479762 - CVE-2026-4408 samba: Remote Code Execution in SAMR

CVEs
- CVE-2026-1933
- CVE-2026-2340
- CVE-2026-3012
- CVE-2026-4408
- CVE-2026-4480
- CVE-2026-40170

References
https://access.redhat.com/security/updates/classification/#critical

Updated Packages
Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 10
SRPM: samba-4.23.5-109.el10_2.src.rpm
